Executive Summary

Informations
Name CVE-2010-4051 First vendor Publication 2011-01-13
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4051

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

ExploitDB Exploits

id Description
2010-12-07 GNU glibc 'regcomp()' Stack Exhaustion Denial Of Service Vulnerability
2013-02-05 FreeBSD 9.1 ftpd Remote Denial of Service
2011-01-07 GNU libc/regcomp(3) Multiple Vulnerabilities

Open Source Vulnerability Database (OSVDB)

Id Description
70446 GNU C Library regcomp() Function Regex Bounded Repetition RE_DUP_MAX Limitati...

GNU C Library contains a flaw that may allow a remote denial of service. The issue is triggered when errors in the 'regcomp()' function when processing certain regular expressions, allowing a remote attacker to cause a denial of service by using this function on specially crafted regular expressions.

Nessus® Vulnerability Scanner

Date Description
2014-01-16 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10612.nasl - Type : ACT_GATHER_INFO
2011-04-18 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5098.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4a...
Source Url
BID http://www.securityfocus.com/bid/45233
BUGTRAQ http://www.securityfocus.com/archive/1/515589/100/0/threaded
CERT-VN http://www.kb.cert.org/vuls/id/912279
EXPLOIT-DB http://www.exploit-db.com/exploits/15935
FULLDISC http://seclists.org/fulldisclosure/2011/Jan/78
MISC http://cxib.net/stuff/proftpd.gnu.c
https://bugzilla.redhat.com/show_bug.cgi?id=645859
SECTRACK http://securitytracker.com/id?1024832
SECUNIA http://secunia.com/advisories/42547
SREASON http://securityreason.com/securityalert/8003
SREASONRES http://securityreason.com/achievement_securityalert/93

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2023-11-07 21:47:31
  • Multiple Updates
2021-06-18 21:23:28
  • Multiple Updates
2021-05-04 12:12:41
  • Multiple Updates
2021-04-22 01:13:24
  • Multiple Updates
2020-05-23 00:26:48
  • Multiple Updates
2018-10-11 00:19:59
  • Multiple Updates
2016-04-26 20:12:12
  • Multiple Updates
2014-10-27 09:22:38
  • Multiple Updates
2014-02-17 10:58:23
  • Multiple Updates
2013-05-10 23:36:03
  • Multiple Updates